Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote malicious users to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows xp - |
||
microsoft windows server 2003 - |